Adobe, Google and other Patch Tuesday patches, (Tue, Nov 12th)

Adobe published two advisories today:

APSB13-025: Updates for Adobe Reader and Acrobat

This update fixes vulnerabilities in Reader/Acrobat XI on Windows only. Adobe assigned it a priority rating of '2' which means that Adobe does not expect an immediate exploit but recommends patching the product "soon".

Again, this vulnerability is exploited by embedding Javascript in PDF documents. For details, see CVE-2013-5325 .

APSB13-26: Security Updates for Flash Player

This update affects the Windows, OS X as well as the Linux version of Adobe Flash Player 11.9 (11.2 for Linxu) , as well as Adobe Air 3.9. The Flashplayer vulnerability is assigned a priority of "1" on Windows and OS X which indicates an exploit has been sighted in the wild and Adobe recommends patch "as soon as possible" (72 hrs).

Vulnerabilities are covered by this patch: CVE-2013-5329, CVE-2013-5330.

Google released a new version of Chrome today: Chrome 31. The update includes 25 security fixes. Not exactly a security fix, but still interesting: Chrome 31 improves the SSL ciphers by adding support for the AES-GCM ciphers.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.